AI/ML, Data Security

Multiple ChatGPT flaws pose clandestine data exposure risk

ChatGPT chat bot

OpenAI's ChatGPT artificial intelligence chatbot has been impacted by seven new security vulnerabilities and attack techniques that could be leveraged to covertly compromise user data, according to The Hacker News.

Among the security issues affecting OpenAI's GPT-4o and GPT-5 large language models are the indirect prompt injection bug in Browsing Context, a zero-click indirect prompt injection flaw in Search Context, and a one-click prompt injection defect, as well as a safety mechanism bypass flaw that renders illicit URLs on the chat, a report from Tenable researchers revealed.

Both models could be compromised through conversation injection, malicious content concealment, and memory injection techniques. With LLMs inherently exposed to prompt injections, systematic fixes remain unlikely, said researchers.

"AI vendors should take care to ensure that all of their safety mechanisms (such as url_safe) are working properly to limit the potential damage caused by prompt injection," researchers added.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds